Ambroise Vincent | cc28b21 | 2019-06-05 15:40:29 +0100 | [diff] [blame] | 1 | Security hardening |
| 2 | ================== |
| 3 | |
| 4 | This page contains guidance on what to check for additional security measures, |
| 5 | including build options that can be modified to improve security or catch issues |
| 6 | early in development. |
| 7 | |
| 8 | Build options |
| 9 | ------------- |
| 10 | |
| 11 | Several build options can be used to check for security issues. Refer to the |
Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 12 | :ref:`Build Options` for detailed information on these. |
Ambroise Vincent | cc28b21 | 2019-06-05 15:40:29 +0100 | [diff] [blame] | 13 | |
| 14 | - The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer |
| 15 | Authentication and Branch Target Identification. |
| 16 | |
| 17 | - The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer |
| 18 | overflows. |
| 19 | |
| 20 | - The ``W`` build flag can be used to enable a number of compiler warning |
| 21 | options to detect potentially incorrect code. |
| 22 | |
| 23 | - W=0 (default value) |
| 24 | |
| 25 | The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization`` |
| 26 | and ``Wvla`` flags are enabled. |
| 27 | |
| 28 | The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and |
| 29 | ``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled. |
| 30 | |
| 31 | - W=1 |
| 32 | |
| 33 | Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``, |
| 34 | ``Wmissing-prototypes``, ``Wold-style-definition`` and |
| 35 | ``Wunused-const-variable``. |
| 36 | |
| 37 | - W=2 |
| 38 | |
| 39 | Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``, |
Justin Chadwell | 80e264b | 2019-07-31 11:44:42 +0100 | [diff] [blame] | 40 | ``Wshadow``, ``Wlogical-op``. |
Ambroise Vincent | cc28b21 | 2019-06-05 15:40:29 +0100 | [diff] [blame] | 41 | |
| 42 | - W=3 |
| 43 | |
| 44 | Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``, |
| 45 | ``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and |
| 46 | ``Wswitch-default``. |
| 47 | |
| 48 | Refer to the GCC or Clang documentation for more information on the individual |
| 49 | options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and |
| 50 | https://clang.llvm.org/docs/DiagnosticsReference.html. |
| 51 | |
| 52 | NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by |
| 53 | setting the ``E`` build flag to 0. |
| 54 | |
Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 55 | -------------- |
Ambroise Vincent | cc28b21 | 2019-06-05 15:40:29 +0100 | [diff] [blame] | 56 | |
Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 57 | *Copyright (c) 2019, Arm Limited. All rights reserved.* |